Re: Avoid speculative indirect calls in kernel

From: Borislav Petkov
Date: Sun Jan 07 2018 - 13:55:23 EST


On Sun, Jan 07, 2018 at 06:44:51PM +0100, Willy Tarreau wrote:
> Exactly, but there's much more to gain by owning this process anyway in
> certain cases than just dumping a few hundreds of kernel bytes.

A few hundred? It is *all* machine bytes.

> That's where I consider that "trusted" is more "critical" than "safe" :
> if it dies, we all die anyway.

No, not die. Exploit it and since it is "trusted", use it to dump all
memory. All your memories belongs to us.

> Just like you have to trust your plane's pilot eventhough you don't
> know him personally.

Funny you should make that analogy. Remember that germanwings pilot?
People trusted him too.

Now imagine if the plane had protection against insane pilots... some of
those people might still be alive, who knows...

--
Regards/Gruss,
Boris.

Good mailing practices for 400: avoid top-posting and trim the reply.